package com.zjk.web.admin;

import com.wf.captcha.GifCaptcha;
import com.wf.captcha.SpecCaptcha;
import com.wf.captcha.base.Captcha;
import com.wf.captcha.utils.CaptchaUtil;
import com.zjk.domain.User;
import com.zjk.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.DigestUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.awt.*;

@Controller
@RequestMapping("/admin")
public class LoginController {

    @Autowired
    private UserService userService;

    @RequestMapping("/captcha")
    public void captcha(HttpServletRequest request, HttpServletResponse response) throws Exception {
        GifCaptcha gifCaptcha = new GifCaptcha(130,48,4);
        CaptchaUtil.out(gifCaptcha, request, response);
        String verCode = gifCaptcha.text().toLowerCase();
        request.getSession().setAttribute("captcha",verCode);
    }

    @GetMapping
    public String loginPage() {
        return "admin/login";
    }

    @GetMapping("/register")
    public String registerPage() {
        return "admin/register";
    }

    @PostMapping("/register/submit")
    public String register(User user,
                           @RequestParam("password_again") String password_again,
                           @RequestParam("captcha") String captcha,
                           HttpSession session,
                           RedirectAttributes redirectAttributes){
        if (!user.getPassword().equals(password_again)) {
            redirectAttributes.addFlashAttribute("message", "两次密码不一致");
        }else {
            if (!captcha.equals(session.getAttribute("captcha"))) {
                redirectAttributes.addFlashAttribute("message", "验证码输入错误");
                session.removeAttribute("captcha");
            }else {
                userService.registerUser(user);
            }
        }
        return "redirect:/admin/register";
    }

    @PostMapping("/login")
    public String login(@RequestParam String username,
                        @RequestParam String password,
                        @RequestParam String captcha,
                        HttpSession session,
                        RedirectAttributes redirectAttributes) {
        if (!captcha.equals(session.getAttribute("captcha"))) {
            redirectAttributes.addFlashAttribute("message", "验证码输入错误");
            session.removeAttribute("captcha");
            return "redirect:/admin";
        }
        String passwordMD5 = DigestUtils.md5DigestAsHex(password.getBytes());
        User user = userService.checkUser(username, passwordMD5);
        if (user != null) {
            user.setPassword(null);
            session.setAttribute("user", user);
            return "redirect:/admin/blogs";
        } else {
            /*attr.addAttribute(“param”, value);
            这种方式就相当于重定向之后，在url后面拼接参数，这样在重定向之后的页面或者控制器再去获取url后面的参数就可以了，
            但这个方式因为是在url后面添加参数的方式，所以暴露了参数，有风险
            attr.addFlashAttribute(“param”, value);
            这种方式也能达到重新向带参，而且能隐藏参数，其原理就是放到session中，session在跳到页面后马上移除对象。*/
            redirectAttributes.addFlashAttribute("message", "用户名或密码错误");
            return "redirect:/admin";
        }
    }

    @GetMapping("/logout")
    public String logout(HttpSession session) {
        session.removeAttribute("user");
        return "redirect:/admin";
    }
}
